Configure SG rules for JupyterHub's proxy-public ELB on EKS?

8/8/2019

I am running JupyterHub 0.8.2 on an AWS EKS (managed Kubernetes) cluster.

I specify an AWS load balancer in my helm config like so:

  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <<my_cert_arn>>
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "1800"

This creates an ELB that points to jhub.

I want to know if there is any way for me to configure ingress rules on the SG that is associated with this ELB? (It creates a SG implicitly, it seems.)

I need to restrict access to this ELB, based on SG rules. This causes problems when we iterate on the helm release. When the helm release is re-created, the ELB and SG are re-created, and the ingress rules are lost. The developer must remember to add them back each time.

-- James Wierzba
amazon-eks
amazon-web-services
jupyterhub
kubernetes

0 Answers